Repo Dorks

Here’s a handy list of Google dorks for searching through (GitHub) source code repositories to find sensitive data:

  • SSH hosts and keys: inurl:"known_hosts" "ssh-rsa"
  • Private encryption keys: inurl:"id_rsa" -inurl:"pub"
  • Test configuration info: inurl:"test" filetype:config
  • Ruby on Rails secure token: inurl:secret_token.rb
  • Windows Azure account keys: ";AccountKey=" filetype:config
  • Database connection config: ";User Id=" filetype:config
  • Amazon Web Services access key (Java): "AWS_ACCESS_KEY_ID" filetype:properties
  • Amazon Web Services access key (Other): "AWS_ACCESS_KEY_ID" filetype:config
  • Bash command history: filetype:bash_history
  • Account config data: filetype:xml inurl:accounts.xml
  • SQL containing passwords: filetype:sql where password
  • Django settings file:

RabbitMQ Basics

A quick guide to some basics of running a RabbitMQ server:
Start the service:
service rabbitmq-server start
Remove the default ‘guest’ user:
rabbitmqctl delete_user guest
Set up a new user for administrative purposes:
rabbitmqctl add_user <admin_user> <password>
rabbitmqctl set_user_tags <admin_user> administrator

Set up a new user for the specific instance (vhost) you’ll be using:
rabbitmqctl add_vhost <vhostname>
rabbitmqctl add_user <username> <password>
rabbitmqctl set_permissions -p <vhostname> <username> "^<username>.*" ".*" ".*"

Check that everything looks OK:
rabbitmqctl list_vhosts
rabbitmqctl list_users
rabbitmqctl list_permissions -p <vhostname>
rabbitmqctl status
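
The "check that everything looks OK" step can be automated. The following is an added example, not part of the original guide: it parses list_users and list_permissions output and flags a surviving guest account or an unscoped configure pattern. The sample output is constructed, the tab-separated layout is an assumption about what rabbitmqctl prints, and Python's re module stands in for the broker's own regex matching.

```python
import re

# Constructed sample output (not from a real broker). Assumes rabbitmqctl's
# tab-separated layout with a banner line and a header row.
SAMPLE_USERS = "Listing users ...\nuser\ttags\nguest\t[administrator]\norders\t[]\n"
SAMPLE_PERMS = ('Listing permissions for vhost "dev" ...\n'
                "user\tconfigure\twrite\tread\n"
                "orders\t^orders.*\t.*\t.*\n"
                "guest\t.*\t.*\t.*\n")


def rows(text, header):
    """Yield tab-split data rows, skipping the banner and the header row."""
    for line in text.splitlines():
        cols = line.split("\t")
        if len(cols) == len(header) and cols != header:
            yield cols


def allowed(pattern, resource):
    """Approximate the broker's check: an unanchored regex match on the
    resource name, where an empty pattern grants nothing."""
    return re.search(pattern or "^$", resource) is not None


def audit(users_text, perms_text, probe="zz-unrelated.queue"):
    """Return findings for the two mistakes the setup steps guard against."""
    findings = []
    for name, _tags in rows(users_text, ["user", "tags"]):
        if name == "guest":
            findings.append("default user 'guest' still exists")
    for user, configure, _write, _read in rows(
            perms_text, ["user", "configure", "write", "read"]):
        # A scoped configure pattern must not match a name outside the
        # user's own prefix; `probe` is a hypothetical foreign resource.
        if allowed(configure, probe):
            findings.append(f"{user}: configure pattern {configure!r} is not scoped")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_USERS, SAMPLE_PERMS):
        print(finding)
```

Because the match is a prefix match, "^orders.*" also covers resources named for a user called orders2; adding a separator to the pattern avoids the overlap.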